AWS Complete Notes For Beginners 1732013231

Amazon Web Services

AWS: Amazon Web Services is Amazon's cloud web hosting platform, offering flexible, reliable, scalable,
easy-to-use, and cost-effective solutions.
Cloud computing: a term referring to storing and accessing data over the internet.

There are 3 types of clouds:

1. Private cloud: dedicated to a single tenant, in terms of both hardware and security.
2. Public cloud: shared with multiple tenants, so the cost is lower. Ex: AWS, GCP (Google),
Oracle, Microsoft Azure, Alibaba Cloud, etc.
3. Hybrid cloud: a combination of public and private clouds. It is the most
successful cloud practice. Example: OpenStack & VMware
What is the reason behind the cloud? Answer: Virtualization.
Virtualization turns hardware into software; example: VMware.
Private cloud: dedicated to a single organization, highly secure, and more flexible.
Public cloud: a third-party provider makes resources and services available to the customer via the
Internet.
Advantages: cost-effective, reliable, unlimited storage, backup & recovery

Third-party providers: AWS, GCP (google), Oracle, Microsoft Azure, etc…

3 types of services:
1. IaaS = Infrastructure as a Service
2. PaaS = Platform as a Service
3. SaaS = Software as a Service
Advantages of IaaS:

1. Shared infrastructure
2. Pay-as-you-use model
3. Focus on core business
4. On-demand scalability
Disadvantages of IaaS:
1. Security
2. Maintenance & upgrades
PaaS
Ex: Google App Engine, Salesforce, Windows Azure, etc.
Advantages of PaaS:

1. Simplified development
2. Lower risk
3. Scalability
Disadvantages of PaaS:
1. Vendor lock-in / reduced flexibility
2. Integrating with the rest of the applications
SaaS

Example: Google, Microsoft Office 365

Advantages of SaaS:
1. Reduced time to benefit
2. Lower costs
3. Scalability and integration
4. Trouble-free upgrades
5. Easy to use and to perform proofs of concept
Disadvantages of SaaS:
1. Insufficient data security
2. Difficulty with regulatory compliance
3. Cumbersome data mobility
4. Low performance
IP address classes:

Class A: 1.X.X.X to 126.X.X.X
Class B: 128.X.X.X to 191.X.X.X
Class C: 192.X.X.X to 223.X.X.X
Class D: 224.X.X.X to 239.X.X.X
Class E: 240.X.X.X to 254.X.X.X
127.0.0.0 is called the loopback IP (it is reserved).
1) What is a VPC (Virtual Private Cloud)?
It is a virtual network dedicated to your AWS account; it is logically isolated from other virtual
networks in the AWS cloud, and it is where you launch your AWS instances.
A VPC consists of subnets, network gateways & route tables.

What is a subnet?
A subnet is a logical subdivision of an IP network. The practice of dividing a network into 2
or more networks is called subnetting.

2) What is a route table?

A set of rules, called routes, that are used to determine where network traffic is directed.

3) What is an Internet gateway?

A gateway that you attach to your VPC to enable communication between resources in your
VPC and the internet.

4) What is a NAT gateway?

A NAT gateway is used to connect to the Internet from instances within a private subnet in the
VPC.
The NAT gateway is created in the public subnet and attached to the private subnet.

5) What is a VPC endpoint?

It enables you to privately connect your VPC to supported AWS services and VPC endpoint
services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN
connection, or AWS Direct Connect connection.

6) What is a VPC peering connection?

A VPC peering connection is a network connection between two VPCs that enables you to route
traffic between them using private IPv4 or IPv6 addresses.
Instances in either VPC can communicate with each other as if they were within the same
network.
You can create a VPC peering connection between your own VPCs or with a VPC in another
AWS account.

7) Limitations of VPC peering.

I. You cannot create a VPC peering connection between VPCs that have matching or
overlapping IPv4 CIDR blocks. Amazon always assigns a unique IPv6 CIDR block.
II. You have a quota on the number of active and pending VPC peering connections that you
can have per VPC.
III. VPC peering does not support transitive peering relationships. In a VPC peering connection,
one VPC does not have access to any other VPC with which the peer VPC may have
peered.
IV. You cannot have more than 1 VPC peering connection between the same 2 VPCs at the same
time.
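As an added example (not part of these notes), the four limitations above can be encoded in a small model that rejects overlapping CIDR blocks, duplicate peerings and quota overruns, and answers reachability without transitivity; the VPC ids, CIDR blocks and the quota value are constructed, and the real AWS quota is larger and adjustable.

```python
import ipaddress
from collections import defaultdict


class PeeringError(ValueError):
    """Raised when a requested peering would break one of the limitations."""


class PeeringMesh:
    def __init__(self, quota_per_vpc=2):
        # quota_per_vpc is a constructed value; the real quota is larger and adjustable
        self.vpcs = {}                   # vpc id -> IPv4Network
        self.peers = defaultdict(set)    # vpc id -> ids it is directly peered with
        self.quota = quota_per_vpc

    def add_vpc(self, vpc_id, cidr):
        self.vpcs[vpc_id] = ipaddress.ip_network(cidr, strict=True)

    def peer(self, a, b):
        net_a, net_b = self.vpcs[a], self.vpcs[b]
        # Limitation I: matching or overlapping IPv4 CIDR blocks cannot be peered.
        if net_a.overlaps(net_b):
            raise PeeringError(f"{a} ({net_a}) overlaps {b} ({net_b})")
        # Limitation IV: at most one peering connection between the same two VPCs.
        if b in self.peers[a]:
            raise PeeringError(f"{a} and {b} are already peered")
        # Limitation II: each VPC has a quota of peering connections.
        for vpc_id in (a, b):
            if len(self.peers[vpc_id]) >= self.quota:
                raise PeeringError(f"{vpc_id} has reached its quota of {self.quota}")
        self.peers[a].add(b)
        self.peers[b].add(a)

    def can_route(self, src, dst):
        # Limitation III: peering is not transitive, so only a direct peering counts.
        return dst in self.peers[src]


def demo():
    mesh = PeeringMesh(quota_per_vpc=2)
    mesh.add_vpc("vpc-app", "10.0.0.0/16")
    mesh.add_vpc("vpc-data", "10.1.0.0/16")
    mesh.add_vpc("vpc-shared", "10.2.0.0/16")
    mesh.add_vpc("vpc-clash", "10.0.128.0/17")   # lies inside vpc-app's block
    mesh.peer("vpc-app", "vpc-shared")
    mesh.peer("vpc-data", "vpc-shared")
    results = {
        "app->shared": mesh.can_route("vpc-app", "vpc-shared"),
        "app->data": mesh.can_route("vpc-app", "vpc-data"),   # not reachable via shared
    }
    try:
        mesh.peer("vpc-app", "vpc-clash")
        results["app<->clash"] = "peered"
    except PeeringError as err:
        results["app<->clash"] = f"rejected: {err}"
    return results
```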

8) What is a NACL (Network Access Control List)?

NACLs are firewalls at the subnet level.
You can use a network ACL to control the traffic to and from the subnet in which the NAT
gateway is located.

9) What is a security group?

A security group acts as a virtual firewall for your instance to control inbound and outbound
traffic.
When you launch an instance in a VPC, you can assign up to 5 security groups to the instance.
Security groups act at the instance level and not at the subnet level.
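To make the NACL versus security group distinction concrete, here is an added example (not from these notes) that models how each decides on a packet: the NACL is stateless and evaluates numbered rules first-match-wins, the security group is stateful and only has allow rules, which is why a NACL needs an outbound rule for the ephemeral port range before replies get out while a security group does not. The rule numbers, CIDRs and ports are constructed.

```python
import ipaddress
from collections import namedtuple

# A flow is one packet direction: source address/port -> destination address/port.
Flow = namedtuple("Flow", "src sport dst dport")


def _rule_matches(flow, direction, ports, cidr):
    # Inbound rules match on the source address, outbound rules on the
    # destination; the port range always refers to the destination port.
    addr = flow.src if direction == "in" else flow.dst
    return (ports[0] <= flow.dport <= ports[1]
            and ipaddress.ip_address(addr) in ipaddress.ip_network(cidr))


def nacl_permits(rules, flow, direction):
    """Network ACL: stateless. Rules are (number, (low, high), cidr, action),
    checked in ascending number order; the first match wins and the implicit
    '*' rule denies anything that matched nothing."""
    for _number, ports, cidr, action in sorted(rules, key=lambda r: r[0]):
        if _rule_matches(flow, direction, ports, cidr):
            return action == "allow"
    return False


class SecurityGroup:
    """Security group: stateful. Only allow rules exist, all are checked, and
    replies to an admitted connection need no outbound rule."""

    def __init__(self, inbound):
        self.inbound = inbound      # list of ((low, high), cidr)
        self.tracked = set()        # admitted (client, server, server_port)

    def permits_inbound(self, flow):
        for ports, cidr in self.inbound:
            if _rule_matches(flow, "in", ports, cidr):
                self.tracked.add((flow.src, flow.dst, flow.dport))
                return True
        return False

    def permits_reply(self, flow):
        return (flow.dst, flow.src, flow.sport) in self.tracked


def demo():
    request = Flow("203.0.113.5", 50000, "10.0.1.10", 443)    # client -> web server
    reply = Flow("10.0.1.10", 443, "203.0.113.5", 50000)      # web server -> client
    bad_client = Flow("198.51.100.7", 51000, "10.0.1.10", 443)
    nacl_in = [(90, (443, 443), "198.51.100.0/24", "deny"),   # lower number wins
               (100, (443, 443), "0.0.0.0/0", "allow")]
    nacl_out = [(100, (1024, 65535), "0.0.0.0/0", "allow")]   # ephemeral ports for replies
    sg = SecurityGroup(inbound=[((443, 443), "0.0.0.0/0")])
    return {
        "nacl_request": nacl_permits(nacl_in, request, "in"),
        "nacl_blocked_client": nacl_permits(nacl_in, bad_client, "in"),
        "nacl_reply_with_rule": nacl_permits(nacl_out, reply, "out"),
        "nacl_reply_without_rule": nacl_permits([], reply, "out"),
        "sg_request": sg.permits_inbound(request),
        "sg_reply": sg.permits_reply(reply),
    }
```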

10) Difference between a public subnet and a private subnet

Public subnet – Users can access resources from the internet. Internet traffic is routed via an
internet gateway. Applications are placed in a public subnet.

Private subnet – Users cannot access resources from the internet. Internet traffic is routed via
the NAT gateway. Data is kept in a private subnet (databases, API calls, passwords).
Configuration of EC2 models:

Types of EC2 payment models:

1. On-demand or capacity reservation:
a. These instances work on a pay-as-you-go model.
b. No long-term commitment is required for these instances.
c. These are a bit costlier.
2. Spot instances:
a. These are called bidding instances.
b. We can bid for these instances as per the requirement.
3. Dedicated hosts:
a. Dedicated physical hardware is provided for your instances.
4. Reserved instances:
a. These are utilized for a longer time frame.
b. They carry pricing discounts because of the longer utilization time frame.
c. You choose the platform, tenancy, instance type and payment option for reserved
instances.
AWS Storage:

1. Elastic Block Store (EBS)
2. Elastic File System (EFS)
3. Simple Storage Service (S3)
1. EFS (Elastic File System):
It is like a shared disk; EFS is used when disk space must be shared. EFS storage is used in
cluster management to provide availability.
Storage space sharing is possible in EFS and not possible in EBS.
Eg – Cassandra cluster, Kubernetes, machine learning, and AWS Lambda.
Advantages of EFS:
cost-effective, speed, disk sharing.

2. EBS (Elastic Block Store):

EBS provides simple, scalable, highly available block storage. An EBS volume can only be attached to one EC2
instance. It is block storage.
Storage space sharing is not possible in EBS.

Important 3 models of EBS:

1. Provisioned IOPS (64000)
2. General purpose (16000)
3. Magnetic (5000)
Note: EBS can be attached to only one instance; the EBS volume and the instance should be in the same
region to make use of the EBS volume.
Benefits of EBS:

1. SSD storage technology (solid-state drive)
2. Highly available, fast, and scalable
3. S3 (Simple Storage Service):

It is basically object storage. S3 does not store data as files or blocks; it stores data in the
form of objects. S3 is not region specific. We can host a static website on S3.
Types of S3 storage (storage classes):
a) S3 Standard-IA
b) S3 Standard
c) S3 Intelligent-Tiering
d) S3 Glacier
e) S3 Deep Archive

4. Key features of S3:

a. Versioning – a means of keeping multiple variants of an object in the same
bucket. You can use the S3 versioning feature to preserve, retrieve and restore every
version of every object stored in your bucket. Versioning-enabled buckets can help you
recover objects from accidental deletion or overwrite.
b. Lifecycle management.
c. Encryption.
d. Multi-factor authentication for object deletion.

5. S3 bucket security:
There are two types of bucket security:
a. Bucket policies – JSON policy documents, written in the same policy language as IAM policies,
that are attached to a bucket to control access to it.
b. Access control lists (ACLs).
What is a partition? How many AWS partitions are there?

A partition is a group of AWS Region and Service objects.
You can use a partition to determine what services are available in a region, or what regions a service
is available in.
AWS accounts are scoped to a single partition. You can get a partition by name. Valid partition names
include:
1. "aws" - Public AWS partition
2. "aws-cn" - AWS China
3. "aws-us-gov" - AWS GovCloud
4. "aws-iso"
5. "aws-iso-b"
The last two are only for Secret and Top-Secret US Government data.
Define auto-scaling.
Auto-scaling is an activity that lets you launch additional instances on demand.
Moreover, auto-scaling helps you to increase or decrease resource capacity according to the
application's needs.
Can you illustrate the relationship between an instance and an AMI?
With just a single AMI you can launch multiple instances, even of different instance types.
At the same time, an instance type is characterized by the host.

What is the default storage class in S3?
S3 Standard (for frequently accessed data) is the default storage class in S3.
What is the standard size of an S3 bucket?
The maximum size of an S3 bucket is five terabytes.
Is Amazon S3 an international/global service?
Yes. Amazon S3 is a global service.
Its main objective is to provide an object storage facility through a web interface,
and it utilizes Amazon's scalable storage infrastructure to function across its global network.

Can you name some AWS services that are not region-specific?
o IAM
o Route 53
o S3
o Web Application Firewall
o CloudFront
Can you define EIP?

EIP stands for Elastic IP address.
It is a static IPv4 address provided by AWS, designed for dynamic cloud computing.

IAM (Identity and Access Management):

IAM allows you to manage users and their level of access to the AWS console.
Key components of IAM
1) Users – Users are end users within an organization.
eg – developers, testers, and infrastructure people.

2) User groups – User groups are collections of users; each user in the group inherits the permissions
of the group.
3) Policies – Policies are documents, called policy documents, written in JSON format; they grant
permissions that define what a user, group or role can do.
4) IAM role – An IAM entity that defines a set of permissions for making AWS service requests. It is
not associated with a specific user or group.
Advantages of IAM

• It provides centralized control of your AWS account.
• Shared access to your AWS account.
• Multi-factor authentication.
• Identity federation
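The S3 bucket security section and the IAM policies item above both describe JSON policy documents; as an added example, not from these notes, the following models how such a document is evaluated, using the IAM rule that an explicit Deny beats any Allow and that no match is an implicit deny. The bucket policy, account id, role and bucket names are constructed placeholders, and only the Bool condition operator on a single resource policy is modelled (no identity policies, SCPs or permission boundaries).

```python
import fnmatch

# Constructed example bucket policy (the account id, role and bucket names are
# placeholders): the app-reader role may read the bucket, and any request that
# does not use TLS is explicitly denied.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAppReads", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny",
         "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt, principal):
    spec = stmt["Principal"]
    return spec == "*" or principal in _as_list(spec.get("AWS", []))

def _condition_holds(stmt, context):
    # Only the Bool operator is modelled; real IAM supports many more operators.
    for key, expected in stmt.get("Condition", {}).get("Bool", {}).items():
        if str(context.get(key, "")).lower() != str(expected).lower():
            return False
    return True

def evaluate(policy, principal, action, resource, context):
    """Return 'allow', 'explicit-deny' or 'implicit-deny'. As in IAM, a matching
    Deny statement always wins over any Allow, and no match at all is a deny."""
    decision = "implicit-deny"
    for stmt in policy["Statement"]:
        if not (_principal_matches(stmt, principal)
                and any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
                and _condition_holds(stmt, context)):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"     # explicit deny overrides everything else
        decision = "allow"
    return decision

def demo():
    reader = "arn:aws:iam::111122223333:role/app-reader"
    obj = "arn:aws:s3:::example-bucket/reports/q1.csv"
    tls, plain = {"aws:SecureTransport": "true"}, {"aws:SecureTransport": "false"}
    return {
        "read_over_tls": evaluate(BUCKET_POLICY, reader, "s3:GetObject", obj, tls),
        "read_over_plain_http": evaluate(BUCKET_POLICY, reader, "s3:GetObject", obj, plain),
        "delete_over_tls": evaluate(BUCKET_POLICY, reader, "s3:DeleteObject", obj, tls),
    }
```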
CloudWatch:

Amazon CloudWatch is a monitoring and observability service built for all application team
members. CloudWatch collects monitoring and operational data in the form of logs, metrics, and
events. CloudWatch is useful for setting up alarms and visualizing logs and metrics side by side.
SNS (Simple Notification Service):

Amazon SNS is a fully managed messaging service for both application-to-person and application-to-
application communication.
Use cases:
1. Send messages directly to millions of users
2. Reliably deliver messages
3. Automatically scale workloads.
CloudTrail:

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk
auditing of your AWS account.
CloudTrail stores its logs in an S3 bucket.

Benefits:
1. Simplified compliance
2. Visibility into user and resource activity
3. Security analysis and troubleshooting
4. Security automation
Amazon RDS -
It is a relational database service; RDS is fully managed with fast and predictable performance.
RDS is simple and scalable.
RDS is low-cost and you pay for what you use.
Eg – MySQL, PostgreSQL, MariaDB, Oracle, Amazon Aurora

Amazon Aurora -
Aurora is RDS reinvented for the cloud; Aurora has 5 times the performance of MySQL.
Aurora is available at 1/10 the cost of a commercial database.

RDS -
It is easy to administer; RDS is highly scalable.
RDS is available & durable.
RDS provides a feature called a Read Replica.
Read Replica – Amazon RDS synchronously replicates the data to a standby instance in a
different Availability Zone.

Amazon RDS supports the most demanding applications and is fast.
It is easy to control network access to your DB.
Amazon RDS lets you run your database instance in a VPC.
This isolates the DB and makes it secure.
AWS KMS (Key Management Service): AWS KMS makes it easy to create and manage
cryptographic keys and control their use across a wide range of AWS services and your applications.
Benefits:
1. Fully managed: you control access to your encrypted data by defining permissions to use keys,
while AWS
2. Centralised key management
3. Manage encryption for AWS services
4. Low cost

Route 53:
What is DNS (Domain Name System)? It is the mechanism computers use to translate human-
readable domain names into IP addresses.
How does it work? Let's take an example: we want to access www.example.com from a
browser. Whenever we enter www.example.com in the browser's address bar, the request for
www.example.com is routed to a DNS resolver, which is typically managed by the user's internet
service provider.
The DNS resolver for

A record type: you use an A record to route traffic to a resource, such as a web server, using an IPv4 address in
dotted decimal notation.
Example: 192.0.2.1
AAAA record type: you use an AAAA record to route traffic to a resource, such as a web server, using
an IPv6 address in colon-separated hexadecimal format.
Example: 2001:0db8:85a3:0:0:8a2e:0370:7334
CNAME record type: a CNAME record maps DNS queries for the name of the current record, such as acme.example.com,
to another domain (example.com or example.net) or subdomain (acme.example.com or
zenith.example.org).
Example: hostname.example.com
SOA record type: a start of authority (SOA) record provides information about a domain and the corresponding
Amazon Route 53 hosted zone.
Example: ns-2048.awsdns-64.net hostmaster.awsdns.com 1 1 1 1 60
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets,
such as Amazon EC2 instances, containers, and IP addresses.
It can handle the varying load of your application traffic in a single Availability Zone or across multiple
Availability Zones.
Elastic Load Balancing offers three types of load balancers that all feature the high availability,
automatic scaling, and robust security necessary to make your applications fault tolerant.

ELB features:
ELB is used to load balance over EC2 instances within a VPC. It supports both public and private IPs.
Full control over the load balancer and its security group.
Tightly integrated with the associated VPC and subnets.
How does a load balancer do health checks?

Application layer load balancing:
You can load balance HTTP/HTTPS applications and use layer 7-specific features, such as
X-Forwarded-For headers.
HTTPS Support:
An Application Load Balancer supports HTTPS termination between the clients and the load balancer.
Application Load Balancers also offer management of SSL certificates through AWS Identity and
Access Management (IAM) and AWS Certificate Manager for pre-defined security policies.

Server Name Indication (SNI):


Server Name Indication (SNI) is an extension to the TLS protocol by which a client indicates the
hostname to connect to at the start of the TLS handshake. The load balancer can present multiple
certificates through the same secure listener, which enables it to support multiple secure websites
using a single secure listener.

IP addresses as Targets:
You can load balance any application hosted in AWS or on-premises using the IP addresses of the
application backends as targets. This allows load balancing to an application backend hosted on any
IP address and any interface on an instance. Each application hosted on the same instance can have
an associated security group and use the same port. You can also use IP addresses as targets to load
balance applications hosted in on-premises locations (over a Direct Connect or VPN connection),
peered VPCs, and EC2-Classic (using ClassicLink). The ability to load balance across AWS and on-prem
resources helps you migrate to the cloud, burst to the cloud, or fail over to the cloud.
Network load balancer:
Network Load Balancer operates at the connection level (Layer 4), routing connections to targets -
Amazon EC2 instances, microservices, and containers – within Amazon Virtual Private Cloud (Amazon
VPC) based on IP protocol data. Ideal for load balancing of both TCP and UDP traffic, Network Load
Balancer is capable of handling millions of requests per second while maintaining ultra-low latencies.
Network Load Balancer is optimized to handle sudden and volatile traffic patterns while using a single
static IP address per Availability Zone. It is integrated with other popular AWS services such as Auto
Scaling, Amazon EC2 Container Service (ECS), Amazon CloudFormation, and AWS Certificate Manager
(ACM).
Network Load Balancer key features:
1. Connection-based load balancing

You can load balance both TCP and UDP traffic, routing connections to targets - Amazon EC2
instances, microservices, and containers.
2. High availability
Network Load Balancer is highly available. It accepts incoming traffic from clients and distributes this
traffic across the targets within the same Availability Zone. The load balancer also monitors the
health of its registered targets and ensures that it routes traffic only to healthy targets.
3. High throughput
Network Load Balancer is designed to handle traffic as it grows and can load balance millions of
requests/sec. It can also handle sudden volatile traffic patterns.

Gateway load balancer:


Gateway Load Balancer makes it easy to deploy, scale, and manage your third-party virtual
appliances. It gives you one gateway for distributing traffic across multiple virtual appliances, while
scaling them up, or down, based on demand. This eliminates potential points of failure in your
network and increases availability.

What is the OSI model?

SDLC life cycle: Agile methodology

Autoscaling:
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady,
predictable performance at the lowest possible cost.
Auto Scaling group:

• Set up scaling quickly
• Automatically maintain performance.
• Make smart scaling decisions.
• Pay only for what you need.
• AWS Auto Scaling features.
